I really don’t know what to add, because others before me have already provided pretty much the same info. Anyway, here it goes.

Some background: I attended the SANS 560 course (in May 2010). I really liked it. The course objectives, the exercises, the instructor’s performance, everything was great. Huge amount of material, just as an example, the instructor took the time to show us topics that were not even in the book (how to use meterpreter encoders for IDS evasion just to name one). The course was excellent, packed out with cool stuff, full of action, exercises that actually worked 100% of the time, real-life examples, etc. Recommended.

The exam: Well worded concise questions for the most part. I really appreciate that. Some screenshots of tcpdump, I really like those questions, they made me think hard. The “open book” part of the exam? Well, for the GPEN exam at least, the candidate either knows his stuff or he will struggle and even fail, even with the open book policy, even with the SANS books. Realistically, when the question is “analyze the tcpdump output on the screen and select what tool / command would cause it”, you are not going to find the answer in the book. The open book policy makes a difference, but only for so many questions. If it was an easy task, everybody would be scoring 99-100%.

Something I hated about the exam: You have to answer the first question in order to move on to the second question. Once answered, you cannot go back to the previous question. And you can only skip 5 questions to answer them later.

Something I REALLY hated about the exam: The counter on the right side telling you how many correct / wrong answers so far. I almost rather not know my score till the end.

One last thing - the exam is indeed harder than the practice runs

Conclusion: The course was really good. This was my first SANS course, and I can’t wait to do it again. And the exam was pretty hard, fair, and straightforward, I’d do it again as well.

I'm with Dynamik and BillV on the counter. On exams that don't have it (most of them), I keep a tally of questions I "know" I got right, those that I was pretty sure on, and those that I EWAG'd so I can breathe a sigh of relief when I've crossed the passing threshold. I've never failed a certification exam attempt, but I still find myself wondering as I take the exam.

Anyway, I'm glad you think the questions were concise and well worded. I've written questions for SANS and the guidelines are very strict about what they will and will not accept. Because of the stringent QA process, I find the questions much better than those on other exams.

Grats on the pass! I, like others, also like the running tally. When I did my GAWN exam I missed 7 or 8 questions in the first batch of 20 and I was seriously sweating bullets. Realizing I needed to focus, I only missed 1 question for the next 130. My target was a 90%+ which I've been fairly consistent on with my GIAC exams and made it this time as well. Without that tally I'm pretty sure I would have scored much lower as I would not have been as focused.

Hey guys, need a little help, I am taking my GPEN Friday the 1st of October. I have my GAWM already, but i have had strep and more, and the past few weeks no time to study and type up notes for the test. Can anyone email me anything the typed up for studying etc...? It would help me out a ton. I took the class live, and Im confident I'll be fine, but I usually like to type up notes and read them, and I will not have enough time to re read the books. if you can please email me at ucscox@yahoo.com

Last edited by KainVH on Thu Oct 21, 2010 10:04 am, edited 1 time in total.

Have you thought of rescheduling the exam? I've found that I get the most out of creating my index and notes from the books. I spend most of my study time doing my index, and the re-reading of the material really helps solidify it in my mind.

I just created a handwritten index in the white space on the front cover of each book for main topic areas. That only took me 20 or 30 minutes to knock out. Unlike some of the other course ware, Ed did a good job with the index for 560. Just knowing which book to grab was good enough for me and I finished with a 94 and plenty of time left.

If you are interested in practice tests for SANS courses, when you sign up to challenge the exam, you will get 2 practice exams at that time. Otherwise, you can buy them individually from www.sans.org.